From: Dan Carpenter <error27@gmail.com>
To: Namjae Jeon <linkinjeon@kernel.org>
Cc: linux-fsdevel@vger.kernel.org
Subject: [bug report] ntfs: update attrib operations
Date: Fri, 10 Apr 2026 09:46:46 +0300 [thread overview]
Message-ID: <adic1vbVQJoOJq9n@stanley.mountain> (raw)
Hello Namjae Jeon,
Commit 495e90fa3348 ("ntfs: update attrib operations") from Feb 13,
2026 (linux-next), leads to the following Smatch static checker
warning:
fs/ntfs/attrib.c:196 ntfs_map_runlist_nolock()
error: uninitialized symbol 'ctx_needs_reset'.
fs/ntfs/attrib.c
78 int ntfs_map_runlist_nolock(struct ntfs_inode *ni, s64 vcn, struct ntfs_attr_search_ctx *ctx)
79 {
80 s64 end_vcn;
81 unsigned long flags;
82 struct ntfs_inode *base_ni;
83 struct mft_record *m;
84 struct attr_record *a;
85 struct runlist_element *rl;
86 struct folio *put_this_folio = NULL;
87 int err = 0;
88 bool ctx_is_temporary = false, ctx_needs_reset;
89 struct ntfs_attr_search_ctx old_ctx = { NULL, };
90 size_t new_rl_count;
91
92 ntfs_debug("Mapping runlist part containing vcn 0x%llx.",
93 (unsigned long long)vcn);
94 if (!NInoAttr(ni))
95 base_ni = ni;
96 else
97 base_ni = ni->ext.base_ntfs_ino;
98 if (!ctx) {
99 ctx_is_temporary = ctx_needs_reset = true;
100 m = map_mft_record(base_ni);
101 if (IS_ERR(m))
102 return PTR_ERR(m);
103 ctx = ntfs_attr_get_search_ctx(base_ni, m);
104 if (unlikely(!ctx)) {
105 err = -ENOMEM;
106 goto err_out;
107 }
108 } else {
109 s64 allocated_size_vcn;
110
111 WARN_ON(IS_ERR(ctx->mrec));
112 a = ctx->attr;
113 if (!a->non_resident) {
114 err = -EIO;
115 goto err_out;
ctx_is_temporary is false. ctx_needs_reset is uninitialized.
116 }
117 end_vcn = le64_to_cpu(a->data.non_resident.highest_vcn);
118 read_lock_irqsave(&ni->size_lock, flags);
119 allocated_size_vcn =
120 ntfs_bytes_to_cluster(ni->vol, ni->allocated_size);
121 read_unlock_irqrestore(&ni->size_lock, flags);
122 if (!a->data.non_resident.lowest_vcn && end_vcn <= 0)
123 end_vcn = allocated_size_vcn - 1;
124 /*
125 * If we already have the attribute extent containing @vcn in
126 * @ctx, no need to look it up again. We slightly cheat in
127 * that if vcn exceeds the allocated size, we will refuse to
128 * map the runlist below, so there is definitely no need to get
129 * the right attribute extent.
130 */
131 if (vcn >= allocated_size_vcn || (a->type == ni->type &&
132 a->name_length == ni->name_len &&
133 !memcmp((u8 *)a + le16_to_cpu(a->name_offset),
134 ni->name, ni->name_len) &&
135 le64_to_cpu(a->data.non_resident.lowest_vcn)
136 <= vcn && end_vcn >= vcn))
137 ctx_needs_reset = false;
138 else {
139 /* Save the old search context. */
140 old_ctx = *ctx;
141 /*
142 * If the currently mapped (extent) inode is not the
143 * base inode we will unmap it when we reinitialize the
144 * search context which means we need to get a
145 * reference to the page containing the mapped mft
146 * record so we do not accidentally drop changes to the
147 * mft record when it has not been marked dirty yet.
148 */
149 if (old_ctx.base_ntfs_ino && old_ctx.ntfs_ino !=
150 old_ctx.base_ntfs_ino) {
151 put_this_folio = old_ctx.ntfs_ino->folio;
152 folio_get(put_this_folio);
153 }
154 /*
155 * Reinitialize the search context so we can lookup the
156 * needed attribute extent.
157 */
158 ntfs_attr_reinit_search_ctx(ctx);
159 ctx_needs_reset = true;
160 }
161 }
162 if (ctx_needs_reset) {
163 err = ntfs_attr_lookup(ni->type, ni->name, ni->name_len,
164 CASE_SENSITIVE, vcn, NULL, 0, ctx);
165 if (unlikely(err)) {
166 if (err == -ENOENT)
167 err = -EIO;
168 goto err_out;
169 }
170 WARN_ON(!ctx->attr->non_resident);
171 }
172 a = ctx->attr;
173 /*
174 * Only decompress the mapping pairs if @vcn is inside it. Otherwise
175 * we get into problems when we try to map an out of bounds vcn because
176 * we then try to map the already mapped runlist fragment and
177 * ntfs_mapping_pairs_decompress() fails.
178 */
179 end_vcn = le64_to_cpu(a->data.non_resident.highest_vcn) + 1;
180 if (unlikely(vcn && vcn >= end_vcn)) {
181 err = -ENOENT;
182 goto err_out;
183 }
184 rl = ntfs_mapping_pairs_decompress(ni->vol, a, &ni->runlist, &new_rl_count);
185 if (IS_ERR(rl))
186 err = PTR_ERR(rl);
187 else {
188 ni->runlist.rl = rl;
189 ni->runlist.count = new_rl_count;
190 }
191 err_out:
192 if (ctx_is_temporary) {
193 if (likely(ctx))
194 ntfs_attr_put_search_ctx(ctx);
195 unmap_mft_record(base_ni);
--> 196 } else if (ctx_needs_reset) {
^^^^^^^^^^^^^^^
Uninitialized
197 /*
198 * If there is no attribute list, restoring the search context
199 * is accomplished simply by copying the saved context back over
200 * the caller supplied context. If there is an attribute list,
This email is a free service from the Smatch-CI project [smatch.sf.net].
regards,
dan carpenter
next reply other threads:[~2026-04-10 6:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 6:46 Dan Carpenter [this message]
-- strict thread matches above, loose matches on Subject: below --
2026-04-10 10:11 [bug report] ntfs: update attrib operations Dan Carpenter
2026-02-27 7:58 Dan Carpenter
2026-02-27 9:46 ` Namjae Jeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=adic1vbVQJoOJq9n@stanley.mountain \
--to=error27@gmail.com \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox